A major online torrent service has suffered a major data breach - check if you're affected

Image Credit: Pixabay (Image credit: Pixabay)

A major private torrent community appaears to have inadvertently exposed sensitive user data to the wider internet.

Research from Cybernews discovered an unprotected database using Elasticsearch belonging to French service World in HD (WiHD).

The database, the researchers said, contained user emails, IP addresses, service information, usernames, and hashed passwords, for both forum users and administrators, with almost 100,000 people thought to have had their data exposed this way.

WiHD user blackmail

Torrents are a way to share big files over the internet, and while they’re not illegal by design, a lot of people use them to share pirated content, such as movies and series, music, games, cracked software, and more. Therefore, having personally identifiable information exposed this way also potentially exposes these people to criminal charges.

Most torrent sites, such as the famed Pirate Bay, advocate the use of VPN when downloading things via torrents, so it’s safe to assume that most users created fake email addresses and used IP spoofing software to remain hidden.

WiHD is a popular video torrent community that specializes in content in French and English languages and tries to maintain high standards. The members have access to high-definition TV series, animations, and other content. Allegedly, becoming a member is relatively hard, as some people were observed selling their invites for more than $100.

“Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals,” researchers said.

It is unknown if any threat actors (or law enforcement, for that matter) discovered this database before Cybernews did. It is also unknown if WiHD was notified of the discovery beforehand, or if they managed to lock the database down in the meantime.

More from TechRadar Pro

Tackling malicious domains and typosquatting
Here's a list of the best firewalls today
These are the best endpoint protection tools at the moment

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.